| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2922
Reviewed-by: Nathaniel McCallum <npmccallum@redhat.com>
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
src/tools/sss_obfuscate:12:1: E302 expected 2 blank lines, found 1
src/tools/sss_obfuscate:29:80: E501 line too long (111 > 79 characters)
src/tools/sss_obfuscate:35:1: E302 expected 2 blank lines, found 1
src/tools/sss_obfuscate:47:80: E501 line too long (107 > 79 characters)
src/tools/sss_obfuscate:50:13: E265 block comment should start with '# '
src/tools/sss_obfuscate:58:17: E265 block comment should start with '# '
src/tools/sss_obfuscate:107:5: E303 too many blank lines (2)
Reviewed-by: Martin Basti <mbasti@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Based on patch from: Steven W. Elling <ellingsw+29044@gmail.com>
Resolves:
https://fedorahosted.org/sssd/ticket/2937
Reviewed-by: Martin Basti <mbasti@redhat.com>
|
| |
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Python tests for pyhbac and pysss_murmur created symbolic
links in shared directory ".libs". It happened that both
tests created symbolic link in the same time and therefore
python2 test could try to import link to python3 module
which caused failures in tests.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
| |
The AC_PROG_LIBTOOL macro is obsoleted since libtool 2.0
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
We recently added /usr/share/polkit-1/rules.d to the spec file
to fix issues with unowned directories. However there is conflict
with polkit package. The owner is not root.
Running transaction test
Error: Transaction check error:
file /usr/share/polkit-1/rules.d from install of sssd-common-1.13.90-0.20160125.1503.git1b8858b.master.f
+c23.x86_64 conflicts with file from package polkit-0.113-4.fc23.x86_64
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Patch removes unnecessary requires of dbus-libs
because it's already detected from library.
However we forgot to call ldconfig after (un)installation.
sh$ rpm -q -p --requires libsss_simpleifp-1.13.90-0.fc23.x86_64.rpm | grep dbus
libdbus-1.so.3()(64bit)
libdbus-1.so.3(LIBDBUS_1_3)(64bit)
sssd-dbus = 1.13.90-0.fc23
sh$ rpm -q --whatprovides "libdbus-1.so.3()(64bit)"
dbus-libs-1.10.6-1.fc23.x86_64
Reviewed-by: Alexander Bokovoy <abokovoy@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
rhel5 required to clean buildroot in install section.
The %clean section is not required for F-13 and above, and EPEL 6 and
above. EPEL 5 MUST have a %clean section that cleans the buildroot:
https://fedoraproject.org/wiki/EPEL:Packaging#Prepping_BuildRoot_For_.25install
Reviewed-by: Alexander Bokovoy <abokovoy@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
src/python/pyhbac.c: In function ‘HbacRuleElement_repr’:
src/python/pyhbac.c:506:59: error: comparison between
signed and unsigned integer expressions [-Werror=sign-compare]
if (strnames == NULL || strgroups == NULL || category == -1) {
^
src/python/pyhbac.c: In function ‘HbacRuleElement_to_native’:
src/python/pyhbac.c:614:51: error: comparison between
signed and unsigned integer expressions [-Werror=sign-compare]
if (!el->names || !el->groups || el->category == -1) {
^
The static function native_category had type of terurn value uint32_t
But it also could return -1 which indicated an error.
It's better to don't mix return code with returned value.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
src/python/pysss_murmur.c: In function ‘py_murmurhash3’:
src/python/pysss_murmur.c:47:17: error: comparison between
signed and unsigned integer expressions [-Werror=sign-compare]
key_len > strlen(key)) {
^
uint32_t murmurhash3(const char *key, int len, uint32_t seed)
The second argument of the function murmurhash3 has type int.
But the code expects to be unsigned integer.
There is code in python wrapper py_murmurhash3
which check boundaries of that argument.
It should be an unsigned "key_len > INT_MAX || key_len < 0".
An exception should be thrown for negative number.
Moreover, the length should be shorter then a length of input string.
The strlen returns size_t which is unsigned and key_len is signed long.
We already checked that value is unsigned so
we can safely cast key_len to size_t
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
src/tools/tools_util.c: In function ‘parse_groups’:
src/tools/tools_util.c:116:19: error: comparison between
signed and unsigned integer expressions [-Werror=sign-compare]
for (i = 0; i < tokens; i++) {
^
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
| |
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
This is needed for LOCAL view but also creates a shortcut for
server side overrides.
Resolves:
https://fedorahosted.org/sssd/ticket/2849
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
| |
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
This patch is related to commit 50c9d542e8bf641412debaa82a4dcf67ddb72258
"tests: Use unique name for TEST_PATH"
It's better to do IO operation in common test directory
to prevent conflict with other test (copy & paste errors)
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
It's better to do not rely on custom scripts
and do not call systemctl directly.
This is exactly purpose of systemd-rpm macros.
All sections are equivalent excluding "%post common".
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Adds support to get SELINUX context and make code more abstract so
that struct ucred (if availale) can be used w/o redefining uid,gid,pid to
int32. Also gives a layer of indirection that may come handy if we want
to improve the code further in the future.
Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When refresh_expired_interval was not zero,
the NSS responder only refreshed netgroup cache
using background periodic task and ignored
SYSDB_CACHE_EXPIRE attribute.
With this behaviour it was impossible to
get new netgroup from remote server even
after sss_cache tool was used to expire
existing entry in the cache.
Resolves:
https://fedorahosted.org/sssd/ticket/2912
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
| |
|
|
| |
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2188
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Create new internal structure idmap_range_params by merging ID mapping
range relevant fields from idmap_domain_info and remove corrsponding
fields.
Resolves:
https://fedorahosted.org/sssd/ticket/2188
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Max value of id mapping range was 1 unit too high.
Resolves:
https://fedorahosted.org/sssd/ticket/2922
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
|
|
| |
Resolves https://fedorahosted.org/sssd/ticket/2925
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/2791
When a modern IPA client is connected to an old (3.x) IPA server, the
attribute dereferenced during the ID views lookup does not exist, which
triggers an error during the dereference processing and also a confusing
syslog message.
This patch suppresses the syslog message.
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
| |
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2904
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
| |
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
AD expects its clients to renew the machine account password on a
regular basis, be default every 30 days. Even if a client does not renew
the password it might not cause issues because AD does not enforce the
renewal. But the password age might be used to identify unused machine
accounts in large environments which might get disabled or deleted
automatically.
With this patch SSSD calls an external program to check the age of the
machine account password and renew it if needed. Currently 'adcli' is
used as external program which is able to renew the password since
version 0.8.0.
Resolves https://fedorahosted.org/sssd/ticket/1041
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Currently the SSSD default options like e.g. --debug-level are added
unconditionally to the command line options of a child process when
started with the child helper functions.
If a binary from a different source should be started as a child by SSSD
those options might not be known or used differently. This patch adds an
option to exec_child_ex() which allows to skip the default options and
only add specific options.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
| |
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
|
|
| |
usn >= current && usn != currect is equivalent to usn >= current + 1
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
| |
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
|
|
|
|
| |
This condition always disabled smart refresh when full refresh
interval was set to zero and thus disabling periodic refresh
functionality completelely.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
|
|
|
|
| |
When we switched to be_ptaks full_refresh_done has become obsolete since
timing is handled in a better way. In case of unknown USN we assume zero
which allows us to disable full refresh completely in configuration.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
|
|
| |
When we switched to be_ptask this variable has become obsolete.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
|
|
| |
This is less error prone.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
| |
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
| |
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
| |
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
| |
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
| |
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/XXXX
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
| |
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
| |
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
| |
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
This patch implement logic to choose between IPA and LDAP schema. From
this point the sudo support in IPA is removed if sudo search base is
not set specifically, it will be brought back in furter patches.
Resolves:
https://fedorahosted.org/sssd/ticket/1108
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
